<?php
require_once  __DIR__ . '/includes/authenticate.php';

$username = $_SESSION['username'];

$errors = [];

if (isset($_POST['oldpwd'])) {
	include_once './db_bb_connect.php';
	$expected = ['username','oldpwd', 'newpwd', 'newpwdconfirm'];
	foreach ($_POST as $key => $value) {
		if (in_array($key, $expected)) {
			$$key = trim($value);
			if (empty($$key)){
				$errors[$key] = 'This field requires a value.';
			}
		}
	}

	$sql = "SELECT pwd FROM users WHERE username = '$username'";
	$result = $db->query($sql);
	$row = $result->fetch_assoc();
	$storedpwd = $row['pwd'];
	if (password_verify($oldpwd,$storedpwd)) {
		if (!$errors) {
			if ($newpwd != $newpwdconfirm) {
			$errors['nomatch'] = 'Passwords do not match.';
			} else {
				$newhashedpwd = password_hash($newpwd, PASSWORD_DEFAULT);
				$sql = "UPDATE users
				SET pwd = '$newhashedpwd'
				WHERE username = '$username'";
				if ($db->query($sql)){
					$errors['success'] = "Password succesfully updated!";
					//echo "Password succesfully updated!";
				} else {
					echo "Something went wrong!";
				}
			}
		}
	} else {
		$errors['failed'] = "Wrong password";
	}	
}


?>
<br>
<div class="container-fluid">
<div class="row">
<div class="col-md-10">
<form class="form-horizontal" method="POST">

	<input type="hidden" name="username" value="<?= $username;?>"/>

	<div class="form-group">
		<label class="control-label col-sm-4" for="pwd">Old Password:</label>
		<div class="col-sm-8">
			<input class="form-control" type="password" name="oldpwd" placeholder="Old Password"/>
			
		<?php
		if (isset($errors['oldpw'])) {
			echo $errors['oldpw'];
		} elseif (isset($errors['failed'])){
			echo $errors['failed'];
		}
		?>
		</div>
	</div>


	<div class="form-group">
		<label class="control-label col-sm-4" for="pwd">New Password:</label>
		<div class="col-sm-8">
			<input class="form-control" type="password" name="newpwd" placeholder="New Password"/>
			
		</div>
	</div>


	<div class="form-group">
		<label class="control-label col-sm-4" for="pwd">Confirm New Password:</label>
		<div class="col-sm-8">
			<input class="form-control" type="password" name="newpwdconfirm" placeholder="Confirm New Password"/>
			
			<?php 

	if (isset($errors['newpwdconfirm'])) {
		echo $errors['newpwdconfirm'];
	} elseif (isset($errors['nomatch'])){
		echo $errors['nomatch'];
	}

	?>
		</div>
	</div>

	<div class="form-group">
		<div class="col-sm-offset-5 col-sm-7 col-md-7 col-md-offset-5" >
			<button type="submit" name="changepw" class="btn btn-default" value="changepw">Apply Change</button>
	    </div>
    </div>	

</form>

<div id="message">

	<br><br> <h3>

<?php 

	if (isset($errors['success'])) {
		echo $errors['success'];
	} 

	?>
</h3>
</div>

</div>



<div class="col-md-2"></div>
</div>
</div>

<script type="text/javascript">

$("form").on("submit", function(e) {
		postData = $(this).serialize();		
		$.ajax({
 			type: "POST",
  			url: "./changepw.php",
  			data: postData,
  			success: function(data) { 	
 				$("#settingssubcontent").html(data);
  			},
  			error: function (xhr, status, error) {
  				$("#settingssubcontent").html(xhr.responseText);

  			}
  		}); 
		e.preventDefault();
});

</script>